Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-08T17:17:01 Crypt::PasswdMD5: Perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CWE-338

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography.

A flaw was found in Crypt::PasswdMD5 for Perl. This component generates insecure random values for cryptographic salts, which are used to strengthen password hashes. The built-in `rand` function, used for generating these salts, is predictable and not suitable for cryptographic purposes. This vulnerability could allow an attacker to more easily crack password hashes, potentially leading to unauthorized access or information disclosure.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Enterprise Linux 10 Fix deferred perl Red Hat Enterprise Linux 6 Fix deferred perl Red Hat Enterprise Linux 7 Fix deferred perl Red Hat Enterprise Linux 8 Fix deferred perl Red Hat Enterprise Linux 8 Fix deferred perl:5.32/perl Red Hat Enterprise Linux 9 Fix deferred perl Red Hat OpenShift Container Platform 4 Fix deferred rhcos https://www.cve.org/CVERecord?id=CVE-2026-6659 https://nvd.nist.gov/vuln/detail/CVE-2026-6659 https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47